<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<h2>响应包装说明</h2><p style="text-align: justify;">这个工具首先是一个LLMNR和NBT-NS响应，将根据其名称后缀回答*具体* NBT-NS（NetBIOS名称的服务）查询（见http://support.microsoft.com/kb/163409） 。默认情况下，该工具将只回答到文件服务器服务的要求，这对于中小型企业。这背后的概念，是针对我们的答案，并在网络上隐蔽。这也有助于确保我们不打破合法NBT-NS的行为。如果你想这个工具来回答工作站服务请求的后缀名可以设置通过命令行-r选项为1。 </p><p>资料来源：https://github.com/SpiderLabs/Responder <br> <a href="https://github.com/SpiderLabs/Responder" variation="deepblue" target="blank">应答器首页</a> | <a href="http://git.kali.org/gitweb/?p=packages/responder.git;a=summary" variation="deepblue" target="blank">卡利响应回购</a> </p><ul><li>作者：Trustwave控股公司，洛朗Gaffie </li><li>许可：GPLv3的</li></ul><h3>包括在响应包中的工具</h3><h5>响应 - NBT-NS / LLMNR响应</h5><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="6e1c01011a2e050f0207">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# responder -h<br>
Usage: python /usr/bin/responder -i 10.20.30.40 -b On -r On<br>
<br>
Options:<br>
  -h, --help            show this help message and exit<br>
  -A, --analyze         Analyze mode. This option allows you to see NBT-NS,<br>
                        BROWSER, LLMNR requests from which workstation to<br>
                        which workstation without poisoning anything.<br>
  -i 10.20.30.40, --ip=10.20.30.40<br>
                        The ip address to redirect the traffic to. (usually<br>
                        yours)<br>
  -I eth0, --interface=eth0<br>
                        Network interface to use<br>
  -b Off, --basic=Off   Set this to On if you want to return a Basic HTTP<br>
                        authentication. Off will return an NTLM<br>
                        authentication.This option is mandatory.<br>
  -r Off, --wredir=Off  Set this to enable answers for netbios wredir suffix<br>
                        queries. Answering to wredir will likely break stuff<br>
                        on the network (like classics 'nbns spoofer' will).<br>
                        Default value is therefore set to Off<br>
  -f Off, --fingerprint=Off<br>
                        This option allows you to fingerprint a host that<br>
                        issued an NBT-NS or LLMNR query.<br>
  -w On, --wpad=On      Set this to On or Off to start/stop the WPAD rogue<br>
                        proxy server. Default value is Off<br>
  -F Off, --ForceWpadAuth=Off<br>
                        Set this to On or Off to force NTLM/Basic<br>
                        authentication on wpad.dat file retrieval. This might<br>
                        cause a login prompt in some specific cases. Default<br>
                        value is Off<br>
  --lm=Off              Set this to On if you want to force LM hashing<br>
                        downgrade for Windows XP/2003 and earlier. Default<br>
                        value is Off<br>
  -v                    More verbose</code><h3>响应用法示例</h3><p>指定IP地址重定向到<b><i>（-i 192.168.1.202），</i></b>使WPAD流氓代理<b><i>（-w开），</i></b>答案的NetBIOS <b><i>wredir（-r），并且</i></b>指纹<b><i>（-f开）：</i></b> </p><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="2b5944445f6b404a4742">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# responder -i 192.168.1.202 -w On -r On -f On<br>
NBT Name Service/LLMNR Responder 2.0.<br>
Please send bugs/comments to: <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="7c101b1d1a1a15193c080e090f080b1d0a19521f1311">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script><br>
To kill this script hit CRTL-C<br>
<br>
[+]NBT-NS &amp; LLMNR responder started<br>
[+]Loading Responder.conf File..<br>
Global Parameters set:<br>
Responder is bound to this interface:ALL<br>
Challenge set is:1122334455667788<br>
WPAD Proxy Server is:ON<br>
WPAD script loaded:function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return 'PROXY ISAProxySrv:3141; DIRECT';}<br>
HTTP Server is:ON<br>
HTTPS Server is:ON<br>
SMB Server is:ON<br>
SMB LM support is set to:OFF<br>
SQL Server is:ON<br>
FTP Server is:ON<br>
IMAP Server is:ON<br>
POP3 Server is:ON<br>
SMTP Server is:ON<br>
DNS Server is:ON<br>
LDAP Server is:ON<br>
FingerPrint Module is:ON<br>
Serving Executable via HTTP&amp;WPAD is:OFF<br>
Always Serving a Specific File via HTTP&amp;WPAD is:OFF</code><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
